summaryrefslogtreecommitdiffstats
path: root/src/home
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-25 02:54:54 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-25 02:54:54 +0000
commitaf2a7ac568af7b8ecf1002023dd9d07135c3c9c2 (patch)
tree581ab49f856374f88fabfc43ba54969edbe67316 /src/home
parentReleasing progress-linux version 255.4-1~progress7.99u1. (diff)
downloadsystemd-af2a7ac568af7b8ecf1002023dd9d07135c3c9c2.tar.xz
systemd-af2a7ac568af7b8ecf1002023dd9d07135c3c9c2.zip
Merging upstream version 255.5.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/home')
-rw-r--r--src/home/homed-manager.c2
-rw-r--r--src/home/homework-cifs.c62
2 files changed, 33 insertions, 31 deletions
diff --git a/src/home/homed-manager.c b/src/home/homed-manager.c
index c452531..b8bef53 100644
--- a/src/home/homed-manager.c
+++ b/src/home/homed-manager.c
@@ -1040,7 +1040,7 @@ static int manager_bind_varlink(Manager *m) {
assert(!m->userdb_service);
r = path_extract_filename(socket_path, &m->userdb_service);
if (r < 0)
- return log_error_errno(r, "Failed to extra filename from socket path '%s': %m", socket_path);
+ return log_error_errno(r, "Failed to extract filename from socket path '%s': %m", socket_path);
/* Avoid recursion */
if (setenv("SYSTEMD_BYPASS_USERDB", m->userdb_service, 1) < 0)
diff --git a/src/home/homework-cifs.c b/src/home/homework-cifs.c
index 19f1cd5..5d87131 100644
--- a/src/home/homework-cifs.c
+++ b/src/home/homework-cifs.c
@@ -5,6 +5,7 @@
#include <linux/fs.h>
#endif
+#include "data-fd-util.h"
#include "dirent-util.h"
#include "fd-util.h"
#include "fileio.h"
@@ -24,7 +25,7 @@ int home_setup_cifs(
HomeSetupFlags flags,
HomeSetup *setup) {
- _cleanup_free_ char *chost = NULL, *cservice = NULL, *cdir = NULL, *chost_and_service = NULL, *j = NULL;
+ _cleanup_free_ char *chost = NULL, *cservice = NULL, *cdir = NULL, *chost_and_service = NULL, *j = NULL, *options = NULL;
int r;
assert(h);
@@ -53,49 +54,50 @@ int home_setup_cifs(
if (!chost_and_service)
return log_oom();
+ if (asprintf(&options, "user=%s,uid=" UID_FMT ",forceuid,gid=" GID_FMT ",forcegid,file_mode=0%3o,dir_mode=0%3o",
+ user_record_cifs_user_name(h), h->uid, user_record_gid(h), user_record_access_mode(h),
+ user_record_access_mode(h)) < 0)
+ return log_oom();
+
+ if (h->cifs_domain)
+ if (strextendf_with_separator(&options, ",", "domain=%s", h->cifs_domain) < 0)
+ return log_oom();
+
+ if (h->cifs_extra_mount_options)
+ if (!strextend_with_separator(&options, ",", h->cifs_extra_mount_options))
+ return log_oom();
+
r = home_unshare_and_mkdir();
if (r < 0)
return r;
STRV_FOREACH(pw, h->password) {
- _cleanup_(unlink_and_freep) char *p = NULL;
- _cleanup_free_ char *options = NULL;
- _cleanup_fclose_ FILE *f = NULL;
+ _cleanup_close_ int passwd_fd = -EBADF;
pid_t mount_pid;
int exit_status;
- r = fopen_temporary_child(NULL, &f, &p);
- if (r < 0)
- return log_error_errno(r, "Failed to create temporary credentials file: %m");
-
- fprintf(f,
- "username=%s\n"
- "password=%s\n",
- user_record_cifs_user_name(h),
- *pw);
-
- if (h->cifs_domain)
- fprintf(f, "domain=%s\n", h->cifs_domain);
-
- r = fflush_and_check(f);
- if (r < 0)
- return log_error_errno(r, "Failed to write temporary credentials file: %m");
-
- f = safe_fclose(f);
-
- if (asprintf(&options, "credentials=%s,uid=" UID_FMT ",forceuid,gid=" GID_FMT ",forcegid,file_mode=0%3o,dir_mode=0%3o",
- p, h->uid, user_record_gid(h), user_record_access_mode(h), user_record_access_mode(h)) < 0)
- return log_oom();
-
- if (h->cifs_extra_mount_options)
- if (!strextend_with_separator(&options, ",", h->cifs_extra_mount_options))
- return log_oom();
+ passwd_fd = acquire_data_fd(*pw, strlen(*pw), /* flags= */ 0);
+ if (passwd_fd < 0)
+ return log_error_errno(passwd_fd, "Failed to create data FD for password: %m");
r = safe_fork("(mount)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_STDOUT_TO_STDERR, &mount_pid);
if (r < 0)
return r;
if (r == 0) {
/* Child */
+
+ r = fd_cloexec(passwd_fd, false);
+ if (r < 0) {
+ log_error_errno(r, "Failed to disable CLOEXEC on password FD: %m");
+ _exit(EXIT_FAILURE);
+ }
+
+ r = setenvf("PASSWD_FD", /* overwrite= */ true, "%d", passwd_fd);
+ if (r < 0) {
+ log_error_errno(errno, "Failed to set $PASSWD_FD: %m");
+ _exit(EXIT_FAILURE);
+ }
+
execl("/bin/mount", "/bin/mount", "-n", "-t", "cifs",
chost_and_service, HOME_RUNTIME_WORK_DIR,
"-o", options, NULL);